Posted by Soulskill on Wednesday March 05, 2014 @01:04AM
from the airwave-rights-are-the-new-mineral-rights-for-homeowners dept.

BUL2294 writes "The Chicago Tribune is reporting that, over the next few months in Chicago, Comcast is turning on a feature that turns customer networks into public Wi-Fi hotspots. After a firmware upgrade is installed, 'visitors will use their own Xfinity credentials to sign on, and will not need the homeowner's permission or password to tap into their Wi-Fi signal. The homegrown network will also be available to non-subscribers free for several hours each month, or on a pay-per-use basis. Any outside usage should not affect the speed or security of the home subscriber's private network. [...] Home internet subscribers will automatically participate in the network's growing infrastructure, although a small number have chosen to opt out in other test markets.' The article specifically mentions that this capability is opt-out, so Comcast is relying on home users' property, electricity, and lack of tech-savvy to increase their network footprint."
Comcast tried this in the Twin Cities area, and was apparently satisfied with the results, though subscribers are starting to notice.

Same in Philadelphia for at least as long. Took multiple calls to tech to get someone on the phone who even knew what the fuck I was talking about. First two phone calls, the techs pretended(?) to not know what I was talking about. So, hang up and try again. Tech support roulette is fun!

During the 3rd call to Comcast tech support, I was told this was an "Xfinity wifi"-specific issue, and I'd need to call a separate number.

So, I called the dedicated Xfinity WiFi tech support number. They started by asking me what location I was trying to connect from. Home? Oh, well then, you need to call the home internet support number. 1-800-COMCAST. Wow. Thanks.

It wasn't until the 5th phone call that I got someone on the phone who knew what I was talking about, and they transferred me to a higher-tier tech who could turn off the hotspot.

How do they manage bandwidth caps? The same way they don't bill you for cable TV channel bandwidth. They know what's coming across their network and from where.

Additionally, Comcast Business customers (at least) are being provided with a separate cablemodem and router/AP for the public wifi.

My POB's main office just installed a 75/15 link a month or so ago. Once we found out what the equipment was for, we disabled it immediately. We also disabled the wifi on the private router/AP as well, as we already have a heavily secured wireless AP on premises and simply don't trust Comcast enough not to try and circumvent our precautions. And god help them if they do.

In addition, from DOCSIS 2.0 onwards, the modem can and does reserve bandwidth for specific use. So in theory, the bandwidth of the roaming users does not eat any of your capabilities. The part I would not vouch for is the hardware capabilities of the modem/router provided by default. I disabled ours and put it in bridging mode only.

So what happens when people start connecting to your router and doing unsavory things? A couple I can think of: human trafficking or child porn, or, less evil but still evil, trying to get on the other side of your router. What about downloading Torrents? I mean, we don't really know how good that firmware is, do we? What if the FBI come knocking on your door one day saying, "We noticed that someone at this address is doing some bad things. Come with us please."

Even if it doesn't, they are eating into the limited bandwidth of the wireless radio which you may be using for much hungrier things that don't connect upstream (transferring files between a laptop and a desktop for instance). Wireless devices in general also tend to have stability and reliability issues when you start assigning a bunch of extra virtual interfaces to them. THIS is why I always insist on the ISP router being put in bridge mode and connecting my own router into it.

Well, even with some kind of VLAN it is still on the same cable node that lots of other users are also on. Comcast does NOT have SDV so they don't have as many nodes as other SDV cable systems have.

Also parts of the City of Chicago system don't have as much QAM space as the rest of Chicagoland (but in Chicagoland Comcast does not use that space). Also we don't have BTN alts in HD, CLTV HD, Fox Sports 2 HD, and more. RCN has all of them + more Premium HD. DirecTV and U-Verse have lots more as well.

Err, it would be like you and your neighbour having separate connections with 1 router. It's nothing like your neighbour having the same ISP. That has 2 routers, 2 physical connections back to the ISP, 2 routing tables and 2 public IPs.

And how will they stop this from eating up router CPU / IO use? Also, what about apartments where it can be hard to get good WiFi when all channels are being used by a lot of people all in the same small area?

You're using a ludicrous argument to try to wedge an on-principle enforcement into a world you don't like. If someone actually stole a penny from you per year, you wouldn't really care. If they reached into your coat pocket to take a penny, you would be very upset about the invasion of personal space, and might scream something useless about stealing when all you really care about is people groping around in your pockets.

Well, Comcast owns the line and the modem. They lease you service with a specific SLA. As long as that SLA is in place--as long as the bandwidth you pay for is available when you try to use it--they're completely within their rights to lease additional on that line, and to use their equipment to provide access as long as they don't allow for unagreed intrusion into your property. So nobody's coming inside your house to plug in a CAT6 cable; and they're not connecting up to your private network, either; therefore, there's nothing of note happening here.

You sound rich. Are you also trying to stop fracking because the water tower they want to put up looks ugly?

You're complaining that people may want to use Wifi, and this is a problem because you want to use Wifi, and we should exclude everyone else from using Wifi anywhere near you because it makes it harder for you to use Wifi.

I see stuff online that says normally an SSID is broadcast every 10mS or 100mS (10mS seems low to me). 10 packets per second isn't really a lot, although maybe once every 1 second would be less stupid. I mean when you open a directory in a file browser, it can populate with files for 2-3 seconds if it's large--your photos directory maybe. Why do we need advertisement 10 times per second?

Aside from that, idle access points--even at 100mS between SSID advertisements--don't seem like they'd degrade the network too much. In-use access points will, but then we're back to not letting other people use Wifi because you want to use Wifi.

Here's something people don't realize about WiFi - besides the network backbone the access point connects to, WiFi devices on the same frequency communicate with each other too.

If you and your neighbour use the same WiFi channel or close to it, the two APs are actually handshaking between themselves at the management frame level (Layer 2), even though they're not actually on the same network, same SSID, or whatever. They're coordinating between themselves on usage.

And beacons are more than a "WiFi here!" broadcast, they're also used to help mobile stations save power by keeping the radio off longer. Inside the beacon is a bitmap that's indexed by association ID and tells if the AP has buffered packets for it. So a mobile station can on association tell an AP that it wants to check for traffic every 5 beacon times. The AP can either agree, refuse (perhaps there's no more packet memory) or negotiate a different interval. Then the mobile station goes to sleep if there's no traffic, and wakes up the receiver every 5 beacon periods to catch a beacon frame. If there's no traffic for it, it goes back to sleep for another 5 beacon times. If there is traffic, then it wakes up the transmitter and retrieves the packets from the AP buffers.

All that is contingent on the AP having enough buffer to store the packets (it knows it has to store it for at most 5 beacon periods - after that, it's free to drop them)

The other side effect is, well, attempts to modernize the low-level management protocol have to take legacy devices into account. Even worse, all it needs is a legacy device on the same frequency. It doesn't matter that you have no 802.11b devices on your network, just having one on another network, same frequency will automatically disable any optimizations (because if they can't be decoded by the 802.11b station, there's a chance of a collision or interference).
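The beacon bitmap and the "wake every 5 beacons" behaviour described in the comment above, as an added example that is not part of the thread. It assumes the standard 802.11 TIM element layout (element ID 5: DTIM count, DTIM period, bitmap control, partial virtual bitmap); the function names and the sample beacons are constructed for illustration.

```python
"""Parse the TIM element of an 802.11 beacon and model a dozing station."""

TIM_ELEMENT_ID = 5   # Traffic Indication Map
MAX_AID = 2007       # highest association ID the bitmap can address


def iter_elements(body):
    """Yield (element_id, payload) for each information element in a beacon body."""
    pos = 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated element header")
        eid, length = body[pos], body[pos + 1]
        payload = body[pos + 2:pos + 2 + length]
        if len(payload) != length:
            raise ValueError("truncated element body")
        yield eid, payload
        pos += 2 + length


def build_tim(aids, dtim_count=0, dtim_period=1, multicast=False):
    """AP side: encode the set of AIDs with buffered frames as a TIM element."""
    full = bytearray(251)                      # full virtual bitmap, 2008 bits
    for aid in aids:
        if not 1 <= aid <= MAX_AID:
            raise ValueError("AID out of range: %d" % aid)
        full[aid // 8] |= 1 << (aid % 8)
    used = [i for i, octet in enumerate(full) if octet]
    # Only octets first..last are sent; the first octet index must be even.
    first, last = (used[0] & ~1, used[-1]) if used else (0, 0)
    control = first | (1 if multicast else 0)  # bit 0 flags buffered multicast
    payload = bytes([dtim_count, dtim_period, control]) + bytes(full[first:last + 1])
    return bytes([TIM_ELEMENT_ID, len(payload)]) + payload


def parse_tim(payload):
    """Station side: decode a TIM element payload (without the ID/length octets)."""
    if len(payload) < 4:
        raise ValueError("TIM needs 3 fixed octets plus at least 1 bitmap octet")
    dtim_count, dtim_period, control = payload[:3]
    return {
        "dtim_count": dtim_count,
        "dtim_period": dtim_period,
        "multicast": bool(control & 1),
        "first_octet": control & 0xFE,         # index of bitmap[0] in the full bitmap
        "bitmap": payload[3:],
    }


def buffered_for(tim, aid):
    """True if the AP signals buffered unicast frames for this association ID."""
    index = aid // 8 - tim["first_octet"]
    if not 0 <= index < len(tim["bitmap"]):
        return False                           # octets outside the partial bitmap are zero
    return bool(tim["bitmap"][index] >> (aid % 8) & 1)


def tim_from_beacon(body):
    """Return the parsed TIM of a beacon body, or None if it carries none."""
    for eid, payload in iter_elements(body):
        if eid == TIM_ELEMENT_ID:
            return parse_tim(payload)
    return None


def wake_schedule(beacons, aid, listen_interval):
    """Beacon numbers at which a station that only listens every
    `listen_interval` beacons wakes up AND finds traffic waiting for it."""
    hits = []
    for n in range(0, len(beacons), listen_interval):
        tim = tim_from_beacon(beacons[n])
        if tim is not None and buffered_for(tim, aid):
            hits.append(n)
    return hits


def sample_beacons():
    """Constructed data: 11 beacons; the AP holds frames for AID 20 during beacons 3..7."""
    ssid = b"xfinitywifi"
    ssid_ie = bytes([0, len(ssid)]) + ssid     # element ID 0 = SSID
    return [ssid_ie + build_tim({20} if 3 <= n <= 7 else set()) for n in range(11)]


if __name__ == "__main__":
    print(wake_schedule(sample_beacons(), aid=20, listen_interval=5))
```

With a listen interval of 5 the station sees the indication only at beacon 5, which is why the AP must hold the frames for up to that many beacon periods.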

The thing to note with this setup isn't about money or customer bandwidth in my opinion - if you are in a congested 2.4GHz area, those additional used frequencies have the potential to cause issues within the already congested space.

Which additional 'used frequencies'? Do you really think that your neighbours would turn off WiFi if this feature was not there? Given how prevalent laptops, tablets and smartphones are that's just wishful thinking. Or maybe you think that because you see two SSIDs it means two WiFi frequencies are used? (hint: it does not)

Your argument is invalid and ludicrous. I did not argue that mark-up was bad, or anything else analogous to a vending machine price on bottled water being relatively high.

Your argument is that Comcast is stealing a penny from you, because of electricity costs--that a Wifi access point may use 0.1mW more power when someone is accessing it. My argument is that the equipment and the line are the property of Comcast, and that as long as they meet their SLA they are doing nothing wrong, and that you are only upset because of a perceived invasion of personal space and not because of any real and physical thing such as service degradation or expense to yourself.

Face it: Comcast is costing you nothing, they are getting something for free, and you are rubbing your greasy lawsuit-happy merchant hands together trying to find an argument for why they are somehow inconveniencing you and owe you recompense. If they simply backed off from this, you would get nothing, and you would also lose the option to use your Comcast account anywhere you could find a cable modem within Wifi range--you would be poorer. Comcast's options have made you somewhat more wealthy because you have access to a resource you previously did not and nobody has to pay for it; but that's not enough for you, you want to make Comcast pay you for the privilege of making your life better.

Lawsuit-happy, greedy Americans. There's eight billion tonnes of shit Comcast is doing that we can complain about, and you bitch about the one thing they do that's actually a zero-cost benefit to basically everyone.

So the easiest way would be to set up a fake access point with graphics stolen from Comcast's real site and then collect the usernames/passwords from people who are trying to connect to it.

Then use those to login to other Comcast sites and do whatever evil you want to.

The best part is that the poor person whom you're framing will have a more difficult time clearing his name because the evil activity happening in his name is happening in his city.

Why stop there? Once you have the fake access point you could use it to gather all kinds of logons, passwords, etc. Or serve up your own ads, randomly drop user connections, etc. It sounds like an ideal setup for a man in the middle attack, with the added bonus that if someone calls Comcast they are told it is a real Comcast site and secure.

You assume their logs will even record that data. And even if that happens, the FBI/Secret Service will claim that they simply did not recover the exact piece of hardware that you used because you either a) hid it b) spoofed the MAC Address or c) got rid of it. The benefits of the a) and c) arguments are that they don't need to recover incriminating evidence on your other devices (i.e. CP, etc.) because you also only used that particular device, but with the "facts" of the logs and your username/password us

Why would you presume that? These modems typically have just one IP address, and I would presume that they NAT using the same one for the XFINITY wireless and for the home user. If a third party records a download of child porn or copyrighted material, they don't have access to the internal identity of the machine, they would only have the IP address. Lacking clarification, I think the prudent thing to do is assume that the IP address is going to be the subscriber's, and that this could create the appeara

Why would you presume that? These modems typically have just one IP address, and I would presume that they NAT using the same one for the XFINITY wireless and for the home user.

Maybe because he knows what he's talking about and you don't?

As mentioned in the article the Xfinity users connect to the Xfinity SSID which is an open Wifi network while your Wifi network has a different SSID and is encrypted. So at the WiFi level the networks are completely separate. People seem to think this multiple Wifi network capability is new. It's not. Every access point of the past 10 years I've known about has supported 4 separate networks all along.

Then at the IP level, the way these community Wifi hotspots normally work is that when a guest connects to it he gets an address from a separate network range. Think of it as a VPN if that helps you. This ensures the guest's access is restricted to the official login server until he has registered. It also ensures the guest's IP traffic is separate from the user's local WiFi network. It also makes it possible to keep track of the guest's traffic for billing (if there's billing involved), and solves the copyright police issues.

I don't see myself ever using it, seems like a terrible idea to me. But I should note that they do require you to log in to the wifi using your xfinity username and password, so it stands to reason that they have the ability to track your actions online.

Maybe I'm giving them too much credit, but I assume the FBI would be aware of Comcast's wifi sharing initiative. Just like running a coffee shop with free wifi that a customer did something unsavory with; the feds wouldn't come kicking in the door assuming that the shop owner was the culprit. They might knock and ask to see logs, but in this case they would get those from the ISP.

Even with my very limited knowledge of network stuff I can solve that, though that doesn't mean Comcast solved it.

If you have it and you want to use another wifi, first log in with incorrect credentials. If that gains you access then you can't trust the network. Most people won't do that, so there will probably be no protection (assuming the normal ISP incompetence). Comcast should build a special login program for such things. It can solve the problem in 2 ways:
1. It could first try to contact the server

"What if the FBI come knocking on your door one day saying, We noticed that someone at this address is doing some bad things. Come with us please."

It's happened, and the courts shut it down.

By now, just about every police dept. in the U.S. knows that an IP address does not identify even a house, much less an individual. An IP address by itself is no longer (and never should have been) considered "probable cause".

Too bad the MAFIAA, like debt collectors, don't give a flying fuck who actually did something as long as they have someone they can bully/lie to/scream at until they get paid what they believe they are owed.

To a MAFIAA lawyer an IP address might as well be a mugshot, fingerprints, DNA, and confession all wrapped into a neat little package. And they will spend as much money as it takes to make the courts agree with them.

"To a MAFIAA lawyer an IP address might as well be a mugshot, fingerprints, DNA, and confession all wrapped into a neat little package. And they will spend as much money as it takes to make the courts agree with them."

Well, that must be an awful lot of money, because they have been losing that battle.

I don't know of a court case that has gone forward with just an IP address for justification in the last year. It might have happened... but it's happening a lot less. Enough that you don't see it in the news anymore.

Some people have privacy and security concerns, even though Comcast insists the public and private Wi-Fi networks are entirely separate and shielded from each other. Others worry that the public network will affect the private network's performance. Comcast says this isn't so.

In NL, some ISPs are doing the same. It's even a different public-facing IP address.

Of course, you can also turn it off. Though turning it off on your modem means you don't get to us

Which accomplishes nothing, as you'd be logging in as you - unless you're using somebody else's credentials. That seems to be the main weakness, at least in the NL (Ziggo) case; people intercepting login data or the public wifi being easily hacked to grant access to the internet (not to the internal network), etc.

So, yes, you could certainly access your own modem as John Doe using John Doe's credentials, and they would come knocking on John Doe's door. Best make sur

Some people have privacy and security concerns, even though Comcast insists the public and private Wi-Fi networks are entirely separate and shielded from each other. Others worry that the public network will affect the private network's performance. Comcast says this isn't so.

In NL, some ISPs are doing the same. It's even a different public-facing IP address.

Of course, you can also turn it off. Though turning it off on your modem means you don't get to use it yourself on others' modems.

Comcast says it's fine and they would never ever ever possibly lie to get people to do what they want.

I've been doing that for years. It's MY network, and I define it as I please. I run a public access point, and it IS just one big IP address.

It's not all one network, though. I have my private network, which is protected by WPA2, and my router supports a completely separate guest network, which I have open. They can access the internet via the guest network, but nothing else.

Since I already had routers running dd-wrt (yea..I know I should move to open-wrt/tomato), the first thing I did when I got Comcast was have them disable the wifi on their router and set it up so it runs as a bridge instead. I prefer to have as much control over my network as possible.

I'm not sure how Comcast does it, but when I had Shaw do the exact same thing, I was explicitly warned that they would no longer be able to offer remote support for troubleshooting the modem if I left it in bridge mode (they said they can no longer directly connect to it in bridge mode). When I asked how I would get it *out* of bridge mode if I had to, they said I'd have to hard-reset it (note: they put it IN bridge mode remotely after the install).

I was explicitly warned that they would no longer be able to offer remote support for troubleshooting the modem if I left it in bridge mode

Correct. I work for an ISP on the engineering side. For the very reason that modems in bridge mode cannot be remotely monitored via IP SNMP, or accessed via Telnet etc -- our policy is route always; no modems in bridge mode. No exceptions. I'm surprised Comcast even allowed that.

If a customer has their own router, then additional IP addresses can be routed to the modem and then on to their router --- otherwise, the modem will be their NAT boundary.

No customers are provided the username/password access: all config changes by support.

If monitoring finds a modem to be tampered with or no longer responsive -- most likely service will be temporarily turned off, until support clears it after the customer pays for a truck roll (in the case someone did something dumb such as insert a pin in the reset slot of our modem).

In bridge mode, the DSL/Cable modem no longer has an IP address. The only way to regain control over it is to be connected with a laptop on the LAN side of the device and know the 192.168.bla.blah address of the modem, or do a hard reset.

All I can say is that this client is a large incumbent provider -- that you would probably be likely to sign up with if you moved into one of their service areas, and I am quite sure the policy of not using bridging mode on modems is fairly standard in the industry, it is not as if that is unusual.

I was in the UK last year and you can pick up loads of BT open wifi hotspots you can connect to. These then piggyback on a home consumer's network connection.

I'm very suss on this as I would have thought contention alone would be a hell of an issue but I assume it is rate limited in some way. I had a play for a couple of minutes trying to compromise my sister-in-law's setup and couldn't manage it but I am far from skilled in that area.

I'm very suss on this as I would have thought contention alone would be a hell of an issue but I assume it is rate limited in some way.

Bingo. Pretty much nobody gives you as many bits as they can push through the wire, on cable anyway. The additional power consumption is negligible, and the user won't lose any bandwidth since they're limited anyway.

The other issue I thought of afterwards is to do with NAT table overflows. I have managed to crash every consumer grade router I have used if I run loads of torrents over it. Would be kinda annoying if your router would lock up due to other people's torrenting.

My ISP-issued modem has built-in WiFi. They want to charge me $10/month to use it (they locked out admin access, obviously - first thing I tried).

Since I literally cannot get a different ISP without moving, I just dug out an old wireless router from my box of miscellaneous computer stuff and set up my own network. Based on broadcast SSIDs, either they let users pick their WLAN name, or literally everyone in the building did the same thing I did.

You are way better with your own wifi router. The hardware of the operator normally has limited capabilities and their DNS proxying/NAT slows down your Internet experience, and besides if you use your wifi to stream movies for the TV, the operator router won't take it and will freeze once in a while. On the plus side you are also more in control of your network, especially if you know a little of what you are doing. Is it Telcom, or are you talking about the infamous Telkom in SA?

I'm currently using Comcast Basic Internet for $65/mo. For this I get 25 Mbit speeds. If I paid $100/mo, I could get 100 Mbit speeds. If I did so, there would be no change to my equipment - they'd twiddle a bit someplace and I would suddenly get more speed.

So what this means is that there's at least 75 Mbits of available bandwidth that's not being utilized. Since I'm not using it, why not make it available to a paying neighbor?

The problem is that Comcast doesn't have the uplink bandwidth past the neighborhood aggregation point.

I know a lot of people who have bought Comcast's higher speed packages and only ever get a fraction of it, especially during peak usage.

I had a client with multiple buildings that each had Comcast business internet. With good firewall hardware (using hardware assist crypto) at both ends we could not get a VPN to deliver anything more than a 1/4 of the paid bandwidth tier. Both endpoints were located on d

Depends on where you are. My DSL tops out at 7/768k. The latter is wholly unacceptable for VoIP if any other network operations are going on (since outbound slows when inbound is maxed, and fixing it with QOS requires limiting downstream b/w to 3-4Mbps).

My cable provider used to provide utterly shitty service, but this recent time around the drop-outs have been almost non-existent. My up-to-50Mb service routinely peaks around 60-62Mb, though the upstream is only about 8-10 (vs 15 advertised). And when I sa

So long as this access point is separate from and invisible to my Internet access, I wouldn't mind. However since they are getting the use of my property and electricity, I would at least like reciprocity in the form of using these wherever else they occur, particularly from a smartphone (thus avoiding the need for a generous data plan). Comcast should also let the property owner decide whether this new access point runs in the 2.4 GHz or 5 GHz band, so as to avoid any slowdown of my own access point.

So now just make a fake Xfinity access point and harvest credentials of passing visitors. Then use those credentials across the country to pin your unsavory traffic on someone else. Free bandwidth for life!

So my cousin got Comcast internet at the business he owns. To do that Comcast wireless stuff they basically brought some piece of hardware that was separate from the cable modem and router for his business and stuck it in a closet near where the cable wire first came in the building. I'm guessing for homes they're going to do the same thing, have that extra box in your house somewhere but your cable connection wouldn't use it. (Admittedly the thing does use some of my cousin's electricity to run so it's not

Sorry to repost - orig post was as AC... maybe someone will actually see this one.
This is NOT an open Wifi network. You must sign in with a Comcast / Xfinity User ID in order to use the network, AND you are signing into SSID 'xfinitywifi', NOT your local, private, SSID 'Ithinktheskyisfalling'.
I saw it pop up on my router last year and do not have a problem with it. Any activity on the xfinitywifi SSID is going to be associated with a specific user, probably not me. Looking at the current networks in my area, I see xfinitywifi on channels 3 and 6, also another 'un-named' network, on one or more channels, that is probably emanating from the same device or another close by, judging from the MAC addresses and signal strength.
I have a Samsung Galaxy Tab 2, wifi only, that I use as my mobile device and connect to the XfinityWifi network, using an ID on my account, at multiple locations. I am glad they set it up and give me access to it. No, I do not have a smart phone.
BTW - there are other networks, Optimum and TWC, that can also be used with your Comcast User ID.
What was it that Yoda said? - 'The ignorance is strong with some of these...' or something like that.

And what exactly is stopping a bad guy from setting their network's SSID to 'xfinitywifi' and hijacking traffic? That's one reason I don't trust public hotspots in general, it's too easy for someone else to impersonate them and while I can and do protect my computer against attack from malware I can't protect my network traffic from the access point I'm connected to.

As far as "logging in" with their user ID, I doubt Comcast has set up the infrastructure to do 802.1x authentication and most clients aren't co

Yes there are ways around this for tech savvy users. That's not the point. The point is Comcast pulling something like this at all - and the way they have gone about it - all say "we can't be trusted with the power we already have". What's to stop them from mandating customers use their equipment? Especially if they are the only show in town.

I hope this provides further fuel for efforts to stop Comcast's merger with Time Warner.

We have here a similar service with a former incumbent operator, which wonder of wonders has almost a virtual monopoly of cable services. The service itself is very useful and allows us to roam in most locations without paying anything extra. Apparently it is a roaming authentication setup where you can authenticate in the modem of another customer, in a different VLAN/network and at limited speeds (whilst at home you have 100 Mbps, roaming speeds appear to be in the range 5 to 2 Mbps). There are no dangers of someone knocking on the door of the other because of hacking/porn/whatever, all remote usage is linked to your account due to you logging in with your id/password. The downside of this setup is that the 2.4GHz band is overcrowded, with most of the neighbours taking 2 (B)SSIDs. Often this situation compromises the quality of the service itself, both for the proper customer and for the roaming service the equipment is providing. The situation has gotten so bad, I know of people installing repeaters at home, and I myself had to migrate to a new router in the 5GHz band to be able to work properly. I also disabled the operator equipment and it works only in bridging mode, as the CPU capabilities are weak, and I do not trust the security it brings to my own network. There are also some persons who piggyback on the credentials of family/friends, and use this service permanently with a (very) reduced Internet capacity. (As a side note, in both of my 2 houses in two different cities I can count as many as 40 BSSIDs when walking around the house.)

I also forgot to add that when you do have the roaming SSID (FON) open, it is not that unusual to have 2 or 3 "roaming" users connecting to you. Many people lend their passwords to friends or family for them not to buy Internet.

There are no dangers of someone knocking in the door of the other because of hacking/porn/whatever, all remote usage is linked to your account due to you logging with your id/password.

That isn't how the copyright police work. They get an IP address and force Comcast to hand over the subscriber details associated with it. Hopefully Comcast will be competent enough to tell them that someone else was logged in to your connection at the time, but maybe not. In any case you will still get a letter demanding money for alleged copyright infringement, and will have to respond and deal with it.

It gets worse if the accusation is terrorism or child porn related. In that case the cops will probably

This is nothing new. BT in the UK have been doing it for a while and it all originated (I think) with the Fon project. Which may have started in Spain, (though I'm happy to be corrected).

The bandwidth available to the public network is limited and it collapses to zero if you're using your own network flat out. Also it doesn't get included in your traffic cap. So the obvious worries are unfounded.

Whether you trust them technologically to get it right and keep it separate is a different matter. And yes, any

In Portugal ZON also offers FON. Pity is that as far as I am aware, you can roam in other countries, but I may be wrong. The whole thing is very interesting but connections are a bit flaky, as you can routinely jump from one "hotspot" ZON to another. At home, since I disabled FON in our home router, things have improved, and since I disabled our own FON ssid, the stability was better until I disabled everything altogether and installed a 5GHz wireless router. I also had routine crashes of the modem/wifi router

The last time I was in Paris for an extended stay, back in 2009, at least one of the major ISPs was doing this on all their customer routers. The world did not seem to come to an end (or at least I haven't noticed it - maybe I'm oblivious). I can't recall if it was SRF, Numericable or Orange or "free" or one of the other big telecom companies, but they certainly had a lot of hotspots. They might have started working with FON to get an international system going I seem to recall.

They must have addressed it, because the roaming authentication app asked me to install an iOS profile on my iPhone, and if I am not mistaken, a certificate was installed with it. Will have to check the profile better.

But Deutsche Telekom is not doing this as an opt-out thing, but as opt-in - plus you need a certain router model. I bought the (inexpensive) router and opted in, because now I can use all of these home router hotspots, plus all FON hotspots worldwide, all Telekom hotspots (in public places, at McDonald's, in high speed trains). The public hotspot users get very low QoS, so they don't harm my VDSL connection.

And the best thing: All I have to do to keep using it is connect the home router at least once every 30 days. So since the router is not my primary choice, 99% of time I'm freeloading and using my custom router, all the while keeping my hotspot privileges.

I have a client (a business) in Montpelier, Vermont who had their residential cable service upgraded to "business" class. I was there while they did the work. While they were still there I checked out their work and found the extra cable modem and WiFi router and asked them about it (this was two additional devices off of a splitter). They informed me that it was part of the Xfinity service to provide a public hotspot. I said great, what are the login credentials so visitors to the office can use it. I was informed that since they were a business they (the client) were not permitted to use it and it was only for other Comcast users. I then proceeded to the closet where everything was and unplugged the modem and hotspot and only left the business class modem they left. You could tell that they were pissed but could do nothing about it.

What pissed me off is that the client is paying for the electricity and hosting the device for Comcast and not allowed to use it. To top it all off, they stuck a sticker on the client's front window advertising the hotspot without asking (this is a law office). Needless to say, I ripped that sticker off the minute I saw it.

In theory they should. But you have to trust Comcast to properly research the logs and determine that that IP address assigned to your modem (since the WiFi's part of the modem) was assigned to the public WiFi side and not your account. I'm not sure I'd trust Comcast with that when the consequences of them getting it wrong are so serious, I'd prefer to keep control over access. It may not stop all possibility of illicit access, but at least it'll be something I could have done something about.